Elilvannan,

This is a known problem if BouncyCastle is very high up in the provider list. It's a problem in the interworking between the BC provider and the JCE implementation (Cipher class). The BC guys fixed it after I sent a report to them. See attached e-mail from BC.

Regards,
Werner



From: Elilvannan Nagarajah [mailto:[EMAIL PROTECTED]
Sent: Monday, 12 December 2005 06:18
To: [email protected]
Subject: Help(urgent) Exception: pad block corrupted (jdk 1.5)

Hi all,

I am using wss4j for signature and encryption for a web service.
Earlier I used tomcat, j2sdk1.4.2_03 and the java keytool utility to generate the keystore and certificate.
For this configuration security is working fine.

But my deployment environment is weblogic 9.0 express.
For this one weblogic uses jrockit90_150_03 (jdk 1.5 compliant).

For this, I redid all the work under this environment.
I added the following entry

security.provider.3=org.bouncycastle.jce.provider.BouncyCastleProvider

in the java.security file in weblogic.

Axis is also using the axis/lib folder for all the required libraries. (It is not using any of the weblogic ones.)

But I am getting the following exception on the server side.

org.apache.ws.security.WSSecurityException: Cannot encrypt/decrypt data; nested exception is:
        org.apache.xml.security.encryption.XMLEncryptionException: pad block corrupted
Original Exception was javax.crypto.BadPaddingException: pad block corrupted
        at org.apache.ws.security.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:388)
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:313)
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleEncryptedKey(EncryptedKeyProcessor.java:81)
        at org.apache.ws.security.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:75)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:252)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:179)
        at org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:159)
        at com.affno.ws.handler.AffnoReceiver.invoke(AffnoReceiver.java:67)
       ……………………………………

Could anyone please help?
Is this because of jdk1.5 or weblogic 9.0?
How can I overcome this issue?

Thanks and best regards,
Elilvannan

--- Begin Message ---
Title: Re: [dev-crypto] Strange padding problem with BC together with Java 5 on XP

I think I've located what's causing this. There has been a change in the
behaviour of the JCE.

I've uploaded a version that handles this to
http://www.bouncycastle.org/betas You want 131b13 or later.

Regards,

David

On Sat, 2005-11-19 at 09:22 +0100, Werner Dittmann wrote:
> All,
>
> during some work with BC I found a strange/odd decryption
> and padding problem. It occurs if several conditions are met:
>
> - Java 5 (1.5.0_03), running with XP
> - insert the BC provider at position 2 using the following
>   method:
>   ...Security.insertProviderAt(new BouncyCastleProvider(), 2)
>
> When using the method
>   ...Security.addProvider(new BouncyCastleProvider()) the
> problem doesn't show up.
>
> Please have a look at the attached Java source.
> It uses "BC" to encrypt and uses another (default) provider
> to decrypt. In fact this "other provider" is also "BC" -
> because it is on position 2, thus before the default SunJCE.
> This generates either complete garbage during decryption or
> a "corrupted padding block" error, depending on the padding
> settings.
>
> If we use "addProvider" BC is somewhere behind the standard
> providers and it works.
>
> IMHO it seems to be a problem between the BC JCE
> provider and the way the Java 5 Cipher implementation
> initializes the JCE (in this case BC) provider.
>
> There was no such thing reported on the BC mailing list,
>
> Thanks for your attention.
>
> Regards,
> Werner



--- End Message ---
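
A diagnostic for the provider-ordering situation discussed in this thread, added here as an example (it is not code from the thread, from WSS4J or from Bouncy Castle). It prints the effective provider order, then encrypts with each provider named explicitly and decrypts without naming one, so a mismatch like the reported "pad block corrupted" or garbage output shows up per provider pair. The class name, key, IV and plaintext are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example: class name, key, IV and plaintext are constructed for illustration.
public class ProviderOrderCheck {
    static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";

    public static void main(String[] args) throws Exception {
        // Effective provider order; position 1 is consulted first.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.printf("%2d  %s%n", i + 1, providers[i].getName());
        }
        // Constructed all-zero test key and IV: never use such values for real data.
        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES");
        IvParameterSpec iv = new IvParameterSpec(new byte[16]);
        byte[] plain = "constructed sample plaintext, longer than one block"
                .getBytes(StandardCharsets.UTF_8);

        for (Provider p : providers) {
            byte[] ct;
            try {
                // Encrypt with an explicitly named provider.
                Cipher enc = Cipher.getInstance(TRANSFORMATION, p);
                enc.init(Cipher.ENCRYPT_MODE, key, iv);
                ct = enc.doFinal(plain);
            } catch (GeneralSecurityException e) {
                continue; // this provider does not offer the transformation
            }
            // Decrypt without naming a provider: the JCE picks by list order.
            Cipher dec = Cipher.getInstance(TRANSFORMATION);
            dec.init(Cipher.DECRYPT_MODE, key, iv);
            String result;
            try {
                result = Arrays.equals(plain, dec.doFinal(ct)) ? "OK" : "GARBAGE";
            } catch (GeneralSecurityException e) {
                result = "FAILED (" + e + ")";
            }
            System.out.println("encrypt=" + p.getName() + " decrypt="
                    + dec.getProvider().getName() + " -> " + result);
        }
    }
}
```

Run it inside the same JVM configuration as the failing service (same java.security file and classpath), since the provider list it reports is whatever that JVM has registered.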